
Notably, the October 8 surge was not an isolated episode. The first telemetry from Ferguson revealed that Aisuru had already launched major attacks in mid-September, including a series of multi-terabit attacks targeting networks that serve popular online gaming communities such as Minecraft servers, Steam, and Riot Games.
The September attacks probably served as a warm-up run for the massive wave that would come weeks later.
From Mirai roots to proxy sales
Aisuru is nothing new. Its foundation is leaked code from the Mirai IoT botnet of 2016, which knocked the investigative blog “KrebsOnSecurity”, run by Krebs, offline for four days. “The 2016 attack was so massive that Akamai – which was providing free DDoS protection for KrebsOnSecurity at the time – asked me to leave their service because the attack was causing problems for their paying customers,” Krebs said.
This time, the operators of Aisuru seem to be monetizing and expanding their creation. The botnet is now believed to play a dual role, acting as a DDoS engine as well as a residential proxy network. These proxies allow cybercriminals to carry out attacks through “legitimate” US home devices, thereby hiding the true origin of malicious traffic. Krebs also cited security researchers who believe the compromise of router firmware distribution infrastructure, along with an alleged breach of Totolink’s firmware servers in April 2025, could accelerate device enrollment into Aisuru’s ranks. The takedown of a rival botnet (Rapper Bot) in August 2025 may also have allowed Aisuru to absorb abandoned infected devices, fueling its growth.

